Microsoft said that Stuxnet could allow an attacker to take control of a system, and it is investigating the malware. In the meantime, IT professionals can disable shortcut icons to mitigate the threat, the company advised.

From the MS advisory:

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed.

So yes, the shortcuts do execute files, but the icons are not supposed to execute code when they are simply viewed.

Last edited by westin; July 22nd, 2010 at 04:53 PM.

"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

What makes this exploit really scary in my opinion is when it is coupled with drive-by downloads/XSS. Browsers are already insecure enough as it is, now say a user visits a malicious page which then downloads a malicious .lnk file. A lot of browsers open up a download window which can then let the .lnk run rampant on the machine. It could then execute a shatter attack or some other escalation privilege attack and pretty much root the system right then and there.

It looks like Microsoft is telling people to disable .lnk and .pif files until everything is made kosher once again and has even provided a tool to help users disable them. That sure is nice of them considering their first stance was "Oh, it isn't THAT big of a deal!"

A lot of browsers open up a download window which can then let the .lnk run rampant on the machine.

Yeah, assuming you've already accepted it as a download and the file menu doesn't automatically close before displaying the file. At that point why not just link people to an executable and flat-out ask people to run it as admin?

Have you ever even heard of a drive-by downloading attack, T-spec? You don't need the user's permission to download the file, in case you haven't. Once it is there, most browsers will have it open automatically by default; if they don't, more than likely they will download something and then you have them, unless they just want to keep their download sitting there... I honestly don't know whether or not I should take your post seriously though...

Your response would be fine and dandy if it had any relevance to the subject at hand... or would even fit into whatever point you're trying to make.

This flaw isn't going to have the effect of, let's say... Adobe products. And Explorer itself couldn't be affected remotely since it uses default icons as a representation of files that aren't directly located on the drive. It would have to already be on disk and displayed within a file menu to take any sort of effect.